From 7872df41b10f9771b7c2b11e49dd53107eab0b76 Mon Sep 17 00:00:00 2001
From: Arthur Gautier <arthur.gautier@arista.com>
Date: Fri, 31 May 2024 19:07:05 -0700
Subject: [PATCH] session: expose derive_keys

---
 src/session/securechannel.rs         | 10 ++++------
 src/session/securechannel/context.rs | 16 +++++++++++++++-
 2 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/src/session/securechannel.rs b/src/session/securechannel.rs
index 05c2e146..506659db 100644
--- a/src/session/securechannel.rs
+++ b/src/session/securechannel.rs
@@ -182,9 +182,7 @@ impl SecureChannel {
         card_challenge: Challenge,
     ) -> Self {
         let context = Context::from_challenges(host_challenge, card_challenge);
-        let enc_key = derive_key(authentication_key.enc_key(), 0b100, &context);
-        let mac_key = derive_key(authentication_key.mac_key(), 0b110, &context);
-        let rmac_key = derive_key(authentication_key.mac_key(), 0b111, &context);
+        let session_keys = context.derive_keys(authentication_key);
         let mac_chaining_value = [0u8; Mac::BYTE_SIZE * 2];
 
         Self {
@@ -192,9 +190,9 @@ impl SecureChannel {
             counter: 0,
             security_level: SecurityLevel::None,
             context,
-            enc_key,
-            mac_key,
-            rmac_key,
+            enc_key: session_keys.enc_key,
+            mac_key: session_keys.mac_key,
+            rmac_key: session_keys.rmac_key,
             mac_chaining_value,
         }
     }
diff --git a/src/session/securechannel/context.rs b/src/session/securechannel/context.rs
index 1a50769c..de6ce8c1 100644
--- a/src/session/securechannel/context.rs
+++ b/src/session/securechannel/context.rs
@@ -1,6 +1,7 @@
 //! Derivation context (i.e. concatenated challenges)
 
-use super::{Challenge, CHALLENGE_SIZE};
+use super::{derive_key, Challenge, SessionKeys, CHALLENGE_SIZE};
+use crate::authentication;
 
 /// Size of a session context
 const CONTEXT_SIZE: usize = CHALLENGE_SIZE * 2;
@@ -21,4 +22,17 @@ impl Context {
     pub fn as_slice(&self) -> &[u8] {
         &self.0
     }
+
+    /// Derive session keys from context and authentication key
+    pub fn derive_keys(&self, authentication_key: &authentication::Key) -> SessionKeys {
+        let enc_key = derive_key(authentication_key.enc_key(), 0b100, self);
+        let mac_key = derive_key(authentication_key.mac_key(), 0b110, self);
+        let rmac_key = derive_key(authentication_key.mac_key(), 0b111, self);
+
+        SessionKeys {
+            enc_key,
+            mac_key,
+            rmac_key,
+        }
+    }
 }